Hacking

Customer accounts of Dunkin' Donuts hacked

Dunkin', the company behind the Dunkin' Donuts franchise, has notified its stores' owners that DD Perks rewards accounts were targeted by hackers at the end of October.

According to the company, a hacker may have gained access to customer account details including first and last names, email addresses, DD Perks account numbers and DD Perks QR codes, as well as gift card numbers.

Despite the potential leak of sensitive information, the company said it did not suffer a breach of its backend systems, and instead only fell victim to an automated attack known as a credential stuffing attack. This type of attack is automated, making use of information gained elsewhere to force entry into various accounts.

During the announcement, the company stated that the hacking attempt was the result of a cyber attack on other companies, after which the hackers were able to use usernames and passwords to attempt to breach online accounts across the web.

"Third-parties who obtained DD Perks account holders' usernames and passwords through other companies' or organizations' security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts," a Dunkin' Donuts spokesperson said.

According to Dunkin', its cyber security processes were successful in preventing most of the hacking attempts. However, the company admitted that some may have been successful, and therefore those whose accounts may have been compromised were contacted.

As a result of the hack attempt, Dunkin' has suggested that its customers should consider replacing their usernames and passwords on their other accounts if they match those associated with DD Perks.

Additionally, the firm's IT experts reportedly forced a password reset and replaced the account numbers and value cards of those who may have been affected by the attack. A spokesperson added: "We immediately launched an internal investigation and have been working with our security vendor to remediate this event and to help prevent this kind of event from occurring in the future."

"We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident."

As a result of the hack attempt, Dunkin' has suggested that its customers should consider replacing their usernames and passwords on their other accounts if they match those associated with DD Perks.